Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

August 6, 2024 at 01:16PM

Samsung has introduced the new ‘Important Scenario Vulnerability Program’ for its mobile devices, offering bug bounty rewards of up to $1,000,000 for critical attack demonstrations. Highlighted payouts include rewards for arbitrary code execution and unlocks with data extraction. In 2023, Samsung paid security researchers $827,925 and aims to break records with the ISVP launch.

The key takeaways are:
1. Samsung has launched the “Important Scenario Vulnerability Program (ISVP)” bug bounty program for its mobile devices.
2. The program offers rewards of up to $1,000,000 for reports demonstrating critical attack scenarios, such as arbitrary code execution, unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections.
3. The program highlights specific payouts for vulnerabilities related to Knox Vault, TEEGRIS OS, and Rich OS on Samsung devices, with rewards ranging from $30,000 to $1,000,000.
4. Certain conditions must be met to claim rewards, including submitting a buildable exploit that works consistently, without privileges, on the latest security update of flagship models.
5. Samsung paid security researchers participating in its Mobile Security Rewards Program a total of $827,925 in 2023, and has paid over $4,900,000 in bug bounty rewards since the program started in 2017.
6. The launch of ISVP aims to provide strong incentives to garner reports for more critical issues impacting Samsung devices, with the goal of breaking previous bug bounty reward records.